Updated: Apr 5, 2022
In the aftermath of the coronavirus pandemic, the workplace as we know it has changed irrevocably. Hybrid workforces, or a total move to working from home, have become the norm, and while companies report increased productivity, these scenarios do not come without a slew of security risks and challenges.
One instance would be employees using their home internet connections to connect to the company servers: if the internet connection isn’t secure, the company’s data is placed at risk. Similarly, shadow IT, or apps that employees use that are not sanctioned by the organisation, can be a danger too. Unfortunately, from the bring your own device (BYOD) world, we’ve moved to a bring your own everything world, and it’s causing headaches for security teams.
All organisations have certain security tools, solutions and protocols in place to keep them safe from an external attack, but too often they don’t realise that the biggest threat to their security might be sitting down the hall from them. Nearly every breach reported has an element of the insider threat, whether by malice or carelessness, and this is due, at least in part, to a lack of security awareness and training.
And sure, security policies can be a major irritation for workers who see them as inconvenient hurdles to usability and their daily tasks. Even the slew of privacy tools that are flooding the market these days, such as VPNs and secure browsers, can be circumvented and put the business at risk.
So the question in my mind is: how do we make basic security hygiene second nature? After all, there are so many things we do in our daily lives without thinking. We lock our doors, we brush our teeth, we put the kettle on first thing in the morning. We do these things habitually, so why should cyber awareness be any different?
From a business point of view, the aim of any robust cyber security awareness programme is to help workers get to a point where they don’t have to actively remember to do things that keep them safe from attack, but rather develop healthy security habits that become as automatic as breathing.
We’re not talking about having workforces made up of zombies on autopilot, but when it comes to a wide range of security functions, it is highly possible that we can create good cyber security hygiene habits that overarch both our business and personal lives. It’s as simple as spotting something that seems off in an email, or its signature, or an attachment that you don’t think passes the sniff test, as it were.
Frankly Speaking, My Dear...
Convincing employees to give a damn about their role in cyber security has been a bugbear of the security community for many years now, so perhaps the solution needs a new approach, and more creative thinking. One thing is clear, and that is that yesterday’s methods aren’t doing the job.
What could work is training that encourages employees to collaborate with and coach each other to develop an original toolkit that mixes original themes, new ideas for implementation, and practical resources that have proven to inspire a new generation of employees who are cyber aware, from the bottom to the executive level.